Sensitive Information Disclosure in Telegram for macOS
CVE-2021-27205

5.5MEDIUM

Key Information:

Vendor: Telegram
Status: Telegram
Vendor: CVE Published:; 12 February 2021

What is CVE-2021-27205?

The Telegram application for macOS prior to version 7.4 (212543) has a significant vulnerability where it stores local copies of self-destructing messages in a sandbox path. This behavior can lead to unintended access to these sensitive messages, compromising user privacy and potentially exposing confidential information.

References

https://www.inputzero.io/2020/12/telegram-privacy-fails-a...

x_refsource_MISC

https://www.youtube.com/watch?v=Go-4srm_1fQ

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 12, 2021
Vulnerability Reserved
Feb 12, 2021